302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576

Analysis

max time kernel
73s
max time network
178s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:40

Target

302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe
Size

194KB
MD5

c334dd0a85c8340e651cf2c9cbb80117
SHA1

98f4ba658da32cd11e91b9fe318e3e275865e734
SHA256

302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576
SHA512

b14f16444b3032bee153466172ecbf2a1a40ceb78f2ed878d3f40f67a0be83bf26fd7bff30df0d11fccb38fd82f6b18e2be755f95863e227d0790a6f1e3dde1e
SSDEEP

3072:xSDfPMawU0XxcS7bB+008R9ueRgDivL6K61+X6Zj3NP6dGxbuNh/rDEvPjrKi:xSDspOS7p08R9ueRQizC1+k9wwavE3j

Score

8^/10

Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

5 1700 msiexec.exe
6 1700 msiexec.exe
8 1700 msiexec.exe

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe

pid	process
1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe
1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe

description	pid	process	target process
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe
PID 1536 wrote to memory of 1700	1536	302c80ccde8061b03f1940df31d93238926d6b4ba90b33df6cc16dddc75ff576.exe	msiexec.exe

C:\Windows\SysWOW64\msiexec.exe
C:\Windows\SysWOW64\msiexec.exe
2⤵
- Blocklisted process makes network request
PID:1700

memory/1700-54-0x0000000000000000-mapping.dmp

Download
memory/1700-55-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download
memory/1700-56-0x0000000000D10000-0x0000000000D24000-memory.dmp

Filesize
80KB

Download
memory/1700-57-0x00000000000D0000-0x0000000000102000-memory.dmp

Filesize
200KB

Download
memory/1700-58-0x00000000000D0000-0x0000000000102000-memory.dmp

Filesize
200KB

Download
memory/1700-59-0x00000000000D0000-0x0000000000102000-memory.dmp

Filesize
200KB

Download